WebApp Sec mailing list archives
New WebApp security paper: Anit-fraud Image Solutions
From: "WebAppSec" <webappsec () technicalinfo net>
Date: Tue, 28 Apr 2009 08:12:32 -0400
WebAppSec gurus, I recently had some time on my hands to write up a whitepaper covering a topic that I've been repeatedly queried about over the years - how can you tell which person "stole" a copy of your Web application content and used it to build a phishing or fraud site? It's not a particularly easy question to answer, but there are a number of things that can be done to help this identification task. One useful component of that identification process is the embedding of unique tagging information within the content of the application. This process, referred to as Distribution Tracing, can be applied to the images used to construct the Web site. The paper "Anti-fraud Image Solutions" is now available on my Web site - http://www.technicalinfo.net/papers/AntiFraudImageSolutions.html ...and there's a blog on the topic over at - http://technicalinfodotnet.blogspot.com/2009/04/who-cloned-web-site-heres-ho w-to-tell.html Hope the paper proves insightful for some of you having to advise your customers directly. I'll offer a beer at BlackHat Las Vegas this year to the first person to name 3 large international banks that already use this tracing process, and the algorithm they went with :-) Cheers, Gunter Ollmann
Current thread:
- Re: How can i protect against session hijacking?, (continued)
- Message not available
- Re: How can i protect against session hijacking? David Scholefield (Apr 03)
- RE: How can i protect against session hijacking? Debasis Mohanty (Apr 02)
- RE: How can i protect against session hijacking? Debasis Mohanty (Apr 02)
- RE: How can i protect against session hijacking? Debasis Mohanty (Apr 02)
- Re: How can i protect against session hijacking? AF (Apr 03)
- Re: How can i protect against session hijacking? David Scholefield (Apr 03)
- RE: How can i protect against session hijacking? Debasis Mohanty (Apr 03)
- RE: How can i protect against session hijacking? Debasis Mohanty (Apr 03)
- Re: How can i protect against session hijacking? AF (Apr 03)
- Re: How can i protect against session hijacking? Rohit Sethi (Apr 02)
- Re: How can i protect against session hijacking? Michael Condon (Apr 03)
- New WebApp security paper: Anit-fraud Image Solutions WebAppSec (Apr 29)
- Re: How can i protect against session hijacking? Michael Condon (Apr 03)
- Re: How can i protect against session hijacking? Just1n T1mberlake (Apr 06)